[Samba] restricting the windows users security tab with samba acl
Gerald (Jerry) Carter
jerry at samba.org
Mon Aug 20 19:14:42 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jaan Talvet wrote:
> Hello,
>
> We're porting all our windows file servers over to linux. I just joined
> our samba server to Active Directory and it works great with ACL - I can
> add/remove Sales, Marketing, IT groups etc.., unfortunately, so can
> everyone else.
>
> Q) How can I restrict our regular windows XP users from manipulating the
> "Properties -> Security" tab in file explorer? I'd need to restrict
> that to only the "Domain Admins" group like in Windows. Right now,
> anyone can add/remove groups - that's bad.
Change the ownership of the files directory to root and
rely on group permissions. Assuming you have 'dos filemode = no'
(the default), this should give you the semantics you want.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGyeghIR7qMdg1EfYRAidKAJ4hhmEYtXHKJANeHpqvTlKSANA/CgCeJFeV
Tz4WDUgCN9W2gIeGbhtXSQ4=
=9e7J
-----END PGP SIGNATURE-----
More information about the samba
mailing list